Three United States senators have demanded that Google provide answers about its recent disclosure of a security vulnerability in its Google+ social network that led to its closure. Google only came forward after the Wall Street Journal broke the story on October 8.

So far, one proposed federal class-action lawsuit has been filed in the wake of the episode.

In a Thursday letter sent to Google CEO Sundar Pichai, Sen. John Thune (R-S.D.), Sen. Roger Wicker (R-Miss.), and Sen. Jerry Moran (R-Kan.) asked a number of pointed questions of the tech giant.

Among others, the lawmakers seek answers to some basic questions that for now the company has been unwilling to answer publicly.

As they wrote:

Please describe in detail when and how Google became aware of this vulnerability and what actions Google took to remedy it.

Why did Google choose not to disclose the vulnerability, including to the Committee or to the public, until many months after it was discovered?

Are there similar incidents which have not been publicly disclosed?

…

Please provide a copy of Google's internal memo cited in the WSJ article.

Cyrus Farivar
Cyrus is a Senior Tech Policy Reporter at Ars Technica, and is also a radio producer and author. His latest book, Habeas Data, about the legal cases over the last 50 years that have had an outsized impact on surveillance and privacy law in America, is out now from Melville House. He is based in Oakland, California. Email: cyrus.farivar@arstechnica.com // Twitter: @cfarivar

edit: I don't want this to come off as a defense of Google or their handling here, just that I really want equal opportunity punishment and concern.

Whataboutism is bad - no matter whom it's aimed at.

Generally, I'd agree. I simply think it's important to note that the GOP does not care about these breaches beyond the fact that they can use them as a pretense to target companies for political gains.

edit: Granted, it obviously affects more than Equifax specifically...but damn good timing.

Congress, however, did eventually turn around and required credit freezes to be free of charge.

I understand the frustration, but it isn't like Congress has actually put up any real legislation against tech companies for breaches either. If anything Congress is pretty equal opportunity at feigning outrage and then not doing anything much at all.

I assume this was just a calculated business decision. Congress is obviously corrupt and it seems the punishments for lying and getting caught are trivial compared to admitting fault and trying to make it right.

Point taken. Though I think there's a pretty obvious inequity between the two actions in favor of Equifax here.

Oh, yeah, after the breach they also voted to allow the credit agencies to enter the mortgage market while being completely indemnified from consumers!

But my experience is it often gets swept under the rug if possible. I once worked somewhere where I found a significant security bug, but because we found and fixed it internally, customers were never alerted. (And worse, it was a bug in generated output files, and even though we fixed the generation of those files, there are, in theory, still files out there impacted by the bug, leaking sensitive information they shouldn't be.)

Thank you! Looking forward to reading up on what happened with this bill. Something like it will hopefully get done soon.

Depends on how the vote goes in November. The current majority is only interested in shaming a liberally-inclined company. Their demonstrated votes show they place a high priority on treating corporations with a laissez-faire mindset, and they have zero interest in consumer protections.

An Ars commenter who thinks there's a material difference between Republicans and Democrats...

Priceless!

Watch out, you'll get a bunch of commenters who list laws with cute names that never made it out of committee and claim they are proof the Democrats are great. "Keep Our Babies Information Private Act" Imposes a $500 fee per connected device paid for by end user to fund committee that monitors if devices are used by babies.

Not defending Google, but do companies often disclose vulnerabilities in their own software that they patch without a known breach?

Google sometimes does it for them via Project Zero.

That is my biggest problem with this whole thing. Google has a very "holier than thou" attitude with security. They are ruthless with their disclosures with Project Zero, yet couldn't even hold themselves to the same standard.

At least they got their wonderful healthcare law with no issues out of committee when they ran the roost. Healthcare has never been cheaper! Or better!

Yes, the Dems are just like the Republicans who were busy for years trying to tear down the Democratic-created ACA at every opportunity, including popular provisions like those against pre-existing conditions. Since the ACA was passed, sad and weak Republican efforts to repeal or cripple it have only made healthcare more expensive... while still failing to fully repeal the law (which would also make healthcare more expensive).

But do keep telling me how the Dems and Reps are the same, using the ACA as your example of choice. It amuses me.